CN1160616C - Anti-virus agent for use with database and mail servers - Google Patents

Anti-virus agent for use with database and mail servers Download PDF

Info

Publication number
CN1160616C
CN1160616C CNB971994595A CN97199459A CN1160616C CN 1160616 C CN1160616 C CN 1160616C CN B971994595 A CNB971994595 A CN B971994595A CN 97199459 A CN97199459 A CN 97199459A CN 1160616 C CN1160616 C CN 1160616C
Authority
CN
China
Prior art keywords
annex
message
virus
email message
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB971994595A
Other languages
Chinese (zh)
Other versions
CN1236451A (en
Inventor
Ch
C·H·陈
C·K·罗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cheyenne Software Inc
Original Assignee
Cheyenne Software Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cheyenne Software Inc filed Critical Cheyenne Software Inc
Publication of CN1236451A publication Critical patent/CN1236451A/en
Application granted granted Critical
Publication of CN1160616C publication Critical patent/CN1160616C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/02Comparing digital values
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/564Static detection by virus signature recognition
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Medicines Containing Material From Animals Or Micro-Organisms (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A software agent (110) for detecting and removing computer viruses located i n attachments to e-mail messages. A client-server computer network includes a server computer and a plurality of client computers. A message system (130), located at the server computer, controls the distribution of e-mail messages. An anti-virus module (120), located at the server computer, scans files for viruses. The agent (110) is located at the server computer and provides an interface between the anti-virus module (120) and the message system (130). The agent can operate both on a real-tim e basis and at preset period intervals. E-mail messages that are sent internally within the network can be scanned, e.g., Intranet e-mail messages. In addition, e-mail messages received over the Internet can be scanned.

Description

Be used for detecting and remove the method and system of the computer virus of Email attachment
Invention field
The present invention relates to one and be used to detect the also software program and the interface of dump virus, relate in particular to the system and method for the computer virus in detection and clear data library file and the e-mail attachment.
Copyright notice
The partial content of this patent file comprises the material that belongs to copyright protection.When it appeared in the patent literature or record of patent and trademark office (Patent and Trademark Office), the literary property owner did not oppose that anyone duplicates this patent documentation or patent content.Otherwise keep all literary property rights.
Background of invention
Computer virus is a computer program, changes the method for operation of computing machine under unwarranted situation.Similar to biological virus, computer virus can duplicate and self be attached on other file.
For becoming computer virus, a program only need satisfy two standards.At first, it is executable, and often certain version with its code is placed in another program implementation path.Computer virus often carries out it self.The second, it duplicates self.For instance, a Virus can copy self other executable file or disk to user capture.Many computer viruses will self be attached on other executable file.
Virus is replicated at an infected file, downloads, or is propagated when using.Virus can be invaded the workstation (comprising desk-top computer and laptop computer) and the webserver etc.
Many viruses are destroyed the infected computing machine or the webserver when carrying out.Some viruses are designed to by making program paralysis, deleted file, or method such as reformatting hard disk is destroyed computing machine.When virus damages, destructiveness depends on the specific virus of infect computers and changes.Usually, virus can cause following destruction to computing machine: hang up computing machine, deleted file confuses the data on the hard disk, attacks file allocation table, attacks partition table, or disk format.
Other viruses are a little tedious things, constantly duplicate oneself, or output text, video or audio message.Even these benign virus, still can throw into question, because they occupy the calculator memory that legal procedure uses usually to the computer user.As a result of, they often cause unsettled behavior, and make system crash.In addition, many viruses are full of mistake, and those mistakes can cause system crash and loss of data.
Personal computer virus can be classified according to the mode of its propagation and infect computers.The system region of boot section type virus infections disk, that is, and the leader record on floppy disk and the hard disk.The small routine of carrying out when all floppy disks and hard disk (comprising the disk that only contains data) all comprise a computer starting in leader record.Boot section type virus oneself is attached to this part of disk with them, and attempts to activate when infected disk starts the user.Thereby type virus in boot section covers the original boot section of this disk with its code, makes virus what its content always in office be loaded into internal memory before.In case in internal memory, virus can make boot disk use, or propagates into other disk.Master boot sector type virus covers the master boot sector (partition table) of disk, first sector that this master boot sector is a hard disk.File Infector Virus infects other program when an infected program run.For being activated, File Infector Virus must be carried out.They are not retained in the internal memory, so they do not infect system.File Infector Virus self is attached to executable file (such as containing as .COM .EXE .OVL .DLL .DRV .SYS, the executable file of the extension name of .BIN and .BAT) with them.These viruses often change file attributes information and file size, time and date information.RAM resident type virus is with they self graftabl and take over the control of operating system.As File Infector Virus, RAM resident type virus self is attached to them on the executable file.Mixed type virus combines RAM resident type virus, the feature of File Infector Virus and boot section type virus.
A kind of Virus Type recently, macrovirus.Be to use specific computer program, write as the macrolanguage of word processor or tabulation software.Therefore macrovirus can reside in the document.The macrovirus infected file, and can be when carrying out terminate-and-stay-resident.They can be at documentation of program accessed or operation when being triggered by certain user action, this user action such as specific keystroke or menu are selected.Macrovirus can be stored in the file that contains any extension name, transmits by file, even is propagated by Email.Although usually not by the virus infections of type previously discussed, the grand application software of any support that automatically performs all is the potential platform of macrovirus in the document in the past.Because now document is shared widely by network and the Internet, even surpassed sharing of disk in the past, may become more popular based on the virus of document.
Even the manufacturing behavior of doing it on purpose of virus, virus are usually at user's copy of an innocent person or download the network that infected file is introduced into computing machine and enterprise on computing machine or network the time.
Traditional antivirus software is designed to detect and dump virus.Virus is detected with two kinds of basic modes by antivirus software: by scanning fully or the real time scan when each file is accessed to hard disk.Most antivirus softwares provide this two specific character simultaneously.And virussafe can be by the file or the file directory of the one or more users' selections of instruction scan.
Scanning and real time scan detect known viruse with feature code (as viral fingerprint) fully, and program of this feature code identification is a virus.Some antivirus softwares also using advance technology (such as polymorphic detection) are discerned potential virus, and the virus in procuratorial work internal memory and the system file.
Existing anti-virus product is worked finely when floppy disk is main equipment to calculator memory input data.But in recent years, electron transport has become the common approaches with the electronic form swap data.Not surprisingly, electron transport has not become main virus threat yet.Existing antivirus technology does not guarantee to prevent that virus is introduced into computer network and propagation therein in various possible modes.
Many enterprises have computer network sharing and be used to exchange messages with permission program and data.Along with network, the growth of communication in enterprise calculation and the tissue, (for example, using client-server network and equality network, LAN (Local Area Network) and wide area network), virus can easily be propagated by the computer system of tissue, infects many computing machines.And exchanges data just is being to use the reason of these schemes, and the virus in the enterprise on computing machine is than more may and infecting them with other computing machine communication several years ago.And many organization internal networks have the electronics connection (such as the Internet, special-purpose online service, and bulletin board) to external computer networks.These connections make electronic data and computer program (comprise those may by computer virus infection) be introduced into the network of tissue.(according to NCSA (NCSA), the enterprise network above 70% is by virus infections.)
About computer virus, special concern be Email (e-mail).The continuous growth with communication in tissue (for example, using LAN (Local Area Network)) reaches and PERCOM peripheral communication (for example, communicating by letter with computer user at a distance by the Internet) in the use of Email.Email message can comprise additional file, for instance, comprises executable file, formatted document, and sound, video, etc.The annex that should be appreciated that email message can comprise by the file of computer virus infection.Like this, for instance, the Email that receives by the Internet can comprise a Microsoft Word document that is infected by the Word macrovirus as annex; Also may comprise to the email message of its many group member's broadcasting on LAN (Local Area Network) by the project manager by the annex of virus infections.
Because the file of any kind can append on the email message, virus protection software often is difficult to decision and how handles annex.In addition, the typical electronic mailing system is stored all email messages with distinctive file layout on mail server, and no matter the form of appended file.All message that received by a user can be stored as a single file, for example " inbox.msg " on central mail server.And some e-mail programs use distinctive encryption method.It is said scanning from the unusual difficulty of the e-mail attachment of LAN inside, because resemble cc:mail, the such e-mail program of Microsoft Exchange and Davinci is for the reason encrypted E-mail of privacy.Therefore, the form that e-mail program uses, the antivirus software that algorithm and data structure make exploitation prevent that virus from propagating by e-mail attachment become difficult.
An important goal of virussafe is to damage or virus detects virus before propagate being infected other computing machine as quickly as possible.Many virus checkers for instance, do not scan the virus of the email message that sends outward, allow the possible propagation of virus to other computing machine thus.Normally used virussafe do not scan the Email rough draft that is created but do not have to send (that is, and an email message, be created and store be used for editing after a while and/or sending).The virus detection software that relates to Email can only scan some e-mail attachment when some definite event takes place.Therefore, need all not detect virus in e-mail system in each moment that virus may enter or propagate.
Some products claim that can scan the file that is attached in the Email detects virus.For example, " the ScanMail for cc:Mail " of Trend Micro Incorporated issue can scan the e-mail attachment that receives by the Internet.This program is the software of an Agent Type, replaces original post office with its oneself the post office (virus detects and carries out therein) of acting on behalf of, and after detecting virus the Email of cleaning is sent to original post office.Like this, being received from the outer Email of network at first is scanned before entering the post office of system.(it is said that ScanMail protects internal lan by the virus in intercepting before virus arrives workstation and the isolation cc:Mail post office.) still, this framework can not scan the email message of Intranet.The inner message that sends and receive never arrives acts on behalf of the post office, and therefore can not be scanned.Thereby the user can send virus by Email at organization internal.ScanMail can not detect the virus in the e-mail attachment that produces and exist in LAN (Local Area Network).
That another claims energy scans e-mail annex is the InterScan VirusWall of Trend Micro Devices company issue.When it is installed on the UNIX internet gateway, InterScan VirusWall attempts intercepting and scans e-mail annex, and FTP transmit data, and WWW is downloaded, and uploads, and reaches the data of transmitting between household PC or the LAN (Local Area Network) and the external world.InterScan VirusWall is used for the FTP acting server of gateway communication by one and Simple Mail Transfer protocol (SMTP) acting server that one is used for Email is formed.The same with the ScanMail application software, InterScan VirusWall program can only be by the e-mail attachment of internet gateway; It can not scan at the inner e-mail attachment that transmits of LAN (Local Area Network).In addition, the InterScan application program operates on the gateway and scans independent bag, and when file on the network during greater than a bag big or small, it may be effective inadequately to the file that detects polymorphic virus or compression.
The product of the Antigen by name of Sybari issue passes to third party's virus scan instrument to detect virus with e-mail attachment.Yet if virus is detected and is eliminated, Antigen can not get back on the email message e-mail attachment is attached again.Although Antigen software can offer third party software with e-mail attachment, intrasystem annex will keep infected state, because do not have integrated to activate the virus of third party software healing in e-mail attachment between Antigen software and third party software.
Some virus checkers that are used for Email move in client, and scan the email message that sends to this user when the user opens his or her mailbox.Such system effectiveness is lower.Virus checker must be loaded into each client computer; Therefore, if 250 workstations are arranged, virus checker must be loaded 250 times.If omitted a workstation, perhaps virus just detect not come out.In addition, when the user opened his or her mailbox, scanning was carried out on the basis that postpones.If the user is not frequent Email User, when opening mailbox, perhaps there are many message to be scanned.Infected email message possibility is long-time not to be resided in the mailbox of not opening with detecting, and possibility is because automatic rule is automatically passed on by an Email that meets some feature of receiving and quilt is propagated to other users.
Thereby, needing a computer program, this program can scan and remove the computer virus in e-mail attachment, and does not damage the annex of email message.This program can be at all email messages, the Email that comprises those internal system (for example, Email between the user on the same mail server), those send to or are received from the Email of external electrical mailing system, or those have drafted and be stored in e-mail server but the Email that is not sent out.
Also need a centralized system, be used for scans e-mail message detection virus, and do not need antivirus software is loaded on all working station of network.
Summary of the invention
In exemplary embodiments, the present invention is a software program that uses with antivirus software (being called the agency here), is used for detecting and removing the computer virus that may be present in the e-mail attachment.
Agent computer program of the present invention is isolated e-mail attachment from email message, it is scanned with detection computations machine virus, (and, if desired, any detected computer virus is eliminated), then with the sub-email message of the attached again telegram in reply of annex.For all email messages, the present invention correctly works, this message comprises the email message (being called the Intranet Email herein) of (a) internal system, (b) send to or be received from the email message (being called internet E-mail herein) of an external electrical mailing system, (c) drafted also/or be stored in e-mail system but the email message that do not send as yet.
Should be appreciated that to be different from fire wall or to act on behalf of the post office that agency of the present invention makes the e-mail attachment of scanning enterprises Internet become possibility from the mailing system internal operation.
Therefore, the present invention will guarantee that all email messages will be scanned with protection internal electron mailing system.
And, in case virus detected and from annex, remove after, this annex is still a useful part of email message, and can be by e-mail system processing as usual.
An advantage of the present invention is that it operates in server end, rather than in client.Thus, the agency only needs to be loaded once on each mail server, rather than is loaded on every the workstation or PC of network.In addition, email message can be scanned and kill virus and no matter whether user's Email uses.Therefore, receive many Email cracks if the user is on furlough, they will be scanned and kill virus, thereby when the user returns, his or her mailbox will only comprise the email message that does not have virus.
A kind of like this efficient of method can be seen by the mail carrying of analogizing real world.If wishing to scan all mails, we detect bomb, in mail switching centre a scanning machine is set, when being classified, mail scans them continuously, and than among other a scanning machine being set, more efficient by run-down every day after sending at mail at each.
In exemplary embodiments of the present invention, the agency browses that each generates in customer network or is received from annex in the Email of external network, from database or mailbox, isolate each such annex, and send these annexes to integrated or independently antiviral application software.The agency can be attached to annex on the email message after being handled by antiviral application software again.
In addition, agency of the present invention can operate in server level, the viral detecting operation of concentrating thus.A user's Email can be scanned to detect virus does not need this user's login on network.In addition, the scanning of Email can be carried out on the regular basis clocklike, rather than only sending, carry out when reception or reading Email.
The invention provides an Application Program Interface, can be from the centralized management of webserver, thereby do not need to be installed in every workstation that the server of managing concentratedly is connected on.
The agency of exemplary embodiments of the present invention is designed to many Emails and Database Systems general and compatible.
Except that based on scanning termly, the present invention includes the real time scan ability, the scans e-mail annex is to detect virus when receiving new email message.
These and other advantage and characteristic of the present invention will become very obvious after for the detailed Description Of The Invention of those skilled in the art below having read and the accompanying drawing followed of research.
The accompanying drawing summary
Fig. 1 is the piece figure of a network architecture, and the present invention is implemented on this framework.
Fig. 2 is the module communication synoptic diagram between the present invention and the e-mail system.
Fig. 3 is a process flow diagram of describing operation of the present invention in detail.
Detailed Description Of The Invention
Referring now to accompanying drawing,, at first see Fig. 1, the there illustrates a computer network, and this network is a Local Area Network 100, is arranged to an operation Agent 110 of the present invention.
As here describing, the present invention operates on the LAN (Local Area Network) with user terminal/server framework.But, the invention is not restricted to such network or framework, for instance, it can easily be transformed to operate in such as on peer-to-peer network or the wide area network.And Agent can be integrated into other program, or is created as the part of other program, these programs such as network operating system, e-mail program, and/or virus checker.
Network 100 comprises a server 20, a plurality of personal computers (PC) 10 and workstation 30, and an internet gateway 40, and all these are joined together by communication line 15.As mentioned above, this network configuration only is example that can move agency's of the present invention network architecture type of diagram.Server 20 and personal computer 10 can be programmed to move a specific Email or database program, as Lotus Notes program or MicrosoftExchange program.Each personal computer generally includes an input equipment 16 (keyboard for example, mouse, etc.), an output device 12 (for example, monitor), processor 13 and internal memory 14; Similarly, workstation 30 also can comprise an output device 32, input equipment 36, processor 35 and internal memory 34.
In addition, gateway 40 is provided to external computer networks for network 100, and for example the Internet 42, visit.Agency 110 of the present invention is configured to and offers the Email and the Database applications software compatibility of server 20.
For describe clear for the purpose of, as used herein in the example, the agency 110 of exemplary embodiments of the present invention attempts scanning and is generated by Lotus Notes program, the file that sends or receive and the annex of message.For simplicity, term " email message " will be used to be described in the mail server and use, by all types of files that mail server sends or receives, message, broadcasting and communicate by letter the database program of this mail server such as Lotus Notes program or supporting attachment.Agency 110 of the present invention can also support the network mail and the database program of email message attachments with other, and as the Exchange program of Microsoft, cc:mail and the BeyondMail of Lotus move together.In addition, agency 110 can with public folders and forum (for example, a zone, the message that the user puts up in the above can be browsed by every other user) operation together.
Fig. 2 for example understands the software component of the exemplary embodiments of the present invention that serviced device 20 is carried out.The illustrational representational application software of being carried out by server 20 that is used for is the LotusNotes program.Lotus Notes server program 130 is configured in server 29 that other node in LAN100 sends and other node in LAN100 receives file and Email, and those nodes comprise internet gateway 40.One or more databases 140 (is Lotus Notes database 140 at this) storage is received, sends the email message of drafting or preserving.(in Lotus Notes, each database is used as a file and treats).The annex of email message by with this message stores in Lotus Notes database 140.Mail server 130 and database 140 can be considered to a message system together.The node of network (for example 10,30) can comprise the client mailer, and is mutual with mail server 130, allows the user to create, and reads, and sends, preserve, and editing e-mail message.
Antiviral application software 120 scanning documents to be detecting virus, and can remove virus from any infected file.In exemplary embodiments, antiviral application software 120 is InocuLAN programs, is provided by the Cheyenne software company of New York Roslyn Heights.The InocuLAN program can be considered to comprise two submodules, i.e. partial sweep module and task service module.The InocuLAN program is used as agency 110 user interface, for example, is set the time when scanning is about to take place, and reporting scanning result.
Agency 110 isolates the annex of email message and passes to antivirus software application software 120.
Fig. 3 shows and the agency's 110 of the present invention corresponding process flow diagram of operation that this agency cooperates with antiviral application software 120.Although agency 110 of the present invention is general for database and e-mail system, for the sake of simplicity, the scanning to email message will only be discussed below.In addition, suppose all email messages (that is all attachment files of all databases and mailbox) are scanned fully.In step 200, agency 110 determines whether there is annex in an email message.If there is no annex, agency 110 determines in step 240 whether whole mailing system 140 is scanned.If whole mailing system 140 has been scanned, act on behalf of 110 out of service.But if whole mailing system 140 is not scanned, agency 110 continues to handle next email message (step 235).If have annex in an email message, agency 110 isolates annex (step 205), and annex is sent to antiviral application software 120 (step 210).If antiviral application software 120 does not detect virus in annex, agency 110 is attached to original email message (step 220) again with annex.
But if antiviral application software 120 detects the existence of virus in annex, an alarm is generated (step 245).This alarm can be constructed in many ways.For example, alarm can comprise the text message of a system scope, is sent to every PC10 or workstation 30 among the LAN100, or the network manager; Perhaps alarm can comprise the message that is delivered to the generation or accepts the network node of this infected annex.After such alarm generated, antiviral application software 120 can (if having disposed like this) be deleted infected annex (step 250).So, annex deleted (step 255).After step 255, agency 110 determines whether whole mailing system 140 has been scanned (step 260), if scan, process arrives and finishes (step 230).If whole mailing system 140 is not scanned, agency 110 handles next email message (step 235).
If infected annex is not deleted in step 250, antiviral application software 120 is cured infected annex (step 270) under possible situation.If cured, annex is enclosed (step 220) again, if also have email message, agency 110 handles next email message.Agency 110 can handle the email message (comprising the Intranet email message) of LAN100 inside or enter the email message (the Internet e-mail message) of LAN100 by gateway 40 from the Internet.
InocuLAN program 120 will be reported to the police with the warning user to the individual of appointment by the Alert Generic Notification system of e-mail system or Cheyenne software company, so prevents the propagation of virus.The partial sweep instrument of InocuLAN and task service are cooperated with agency 110 and are detected and remove with the scanning of implementing virus in message system, and guarantee a virus-free environment.
Be to be used to realize that the false code in agency's 110 of the present invention APIs storehouse describes below.Agency 110 can be considered to high-level, the general storehouse of APIs.The agency 110 of exemplary embodiments can be used in combination with Lotus Notes and Micrisoft Exchange program.The agency 10 utilizes Lotus Notes API collection, and Micrisoft Exchange API collection and MAPI assist its function, for example, browses, and separates and adheres to e-mail attachment again.Those Lotus and Micrisoft APIs publish, and skilled programmer will understand them and can how be configured to and act on behalf of 110 mutual.Agency 110 is such one group of APIs that can be used to communicate by letter with mail server program 130 by antiviral application software 120.
In the false code below, " MDA " is a term, looks like to be the mail database agency.
" UID " is unique or general identifier, is used to discern an email message.This example hypothesis LAN uses Windows NT network operating system.
MDAConnectAgent (): the connection that is established to Message Agent.
At any needs<agent_id〉be called before the MDA API Calls as input parameter.
Input:
Windows nt server name.
The name of Message Agent.
Windows NT user login name.
The characteristic data file name that is used to login (only being used for swap server).
The password that uses during with above-mentioned user ID and the login of user characteristic data file.
Output:
<agent_id 〉, it is the connection identifier that is returned, and can be used for following the tracks of current connection example by the API Calls of back.
MDADisconnectAgent (): disconnection is connected with the current of Message Agent, is being called to discharge resource behind each MDA conversation end.
Input:
<agent_id>
MDAGetAgentInfo (): obtain the message system vendor information from the Agency.Can between MDAConnectAgent () and MDADisconnectAgent (), whenever be called.
Input:
<agent_id>
Quilt<vendor〉size of the buffer zone that points to
Output:
<vendor 〉, it be about with the information of the message system of agency dialogue.
MDAOpenDatabase (): open Lotus Notes database or ExchangeInformation Store.Call to obtain an active data storehouse handle for the first time.All need the MDA API Calls of database handle can be called then.MDAScanAllFindFirst () or MDAScanDatabaseFindFirst () will impliedly open information store.
Input:
<agent_id>
<dbname 〉, the input Lotus Notes database name with being opened is set to sky for Microsoft Exchange.
<istoreUID 〉, the user identifier with the Exchange InformationStore that is opened is set to sky for Lotus Notes.
Output:
<dbhandle>
MDACloseDatabase (): close a Lotus Notes database of opening or Exchange Information Store.The resource that is called and distributes to discharge.
Input
<agent_id>
<dbhandle>
MDAEnumObjects (): in a container, enumerate subobject.For Exchange and Lotus Notes, three layers of object are arranged, that is, and Agent, Mailbox/Public Istore, and Message.When<input_object_type〉when being MDA_OBJECT_AGENT, return the tabulation of a Mailbox and Public Istore.When<input_object_type〉be MDA_OBJECT_MAILBOX or Istore, return a messaging list wherein.Can between MDAConnectAgent () and MDADisconnectAgent (), whenever be called.
Input:
<agent_id>
<input_object_type〉---the type of the input object enumerated, possible values is MDA_OBJECT_AGENT, MDA_OBJECT_MAILBOX and MDA_OBJECT_INFORMATIONSTORE.
The display name of input object.
The user ID of input object only is used for Exchange.
The size of buffer zone.
Output:
Be returned the type of object.
Comprise the buffer zone of the display name tabulation of subobject, finish by two null character (NUL).
The number of the byte of in above-mentioned buffer zone, returning.
The buffer zone that comprises the user ID tabulation of subobject.
The number of the byte of in above-mentioned buffer zone, returning.
MDAGetAllMsgUids (): the message user's identification list that obtains all message in openedMailBox or InformationStore.
Input:
<agent_id>
<dbhandle>
The size of user ID buffer zone.
Output:
Be included in the buffer zone of message user's identification list of the message among Mailbox or the Information Store.
The number of the byte of in above-mentioned buffer zone, returning.
MDAGetObjectProperty (): the interested characteristic of obtaining appointed object.
MDAScanAllFindFirst (): scan whole message system and return in the system of being stored at<start_time〉tabulation of all attachment files of receiving after the time mark of appointment.If<start_time〉be 0, all annexes will be scanned.To at first scan PublicInformation Store, scan Private Information Stores then.This API will cause first Information Store to be opened, and return a database handle in AFILE.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent (), but can not in officely what be called in its activity scanning sequence.This API can not be called when the activity database handle exists.Must call MDACloseFindHandle () and finish a scan session.
Input:
<agent_id>
<start_time 〉, the scanning start time.
Output:
<handle 〉, return to the search handle of the caller of current scanning, be used to follow the tracks of whole scanning sequence.
<afile 〉, first accessory information that finds in the system.
MDAScanAllFindNext (): the next accessory information structure of obtaining current scanning.In a MDAScan session, be called.This API Calls can cause an InformationStore to be closed, and another Information Store is opened.
Input:
<agent_id>
<handle>
Output:
<afile 〉, the next accessory information that finds in the system.
MDACloseFindHandle (): close the current search handle---will finish current scanning.Call with a movable handle.Can be at a MDAScanAllFindFirst (), MDAScanAllFindNext () is called behind MDAScanDatabaseFindFirst () or the MDAScanDatabaseFindNext ().
Input:
<agent_id>
<handle>
MDAScanDatabaseFindFirst (): the Information Store of scanning appointment also returns the tabulation that is stored in all attachment files there.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent (), but can not in officely what be called in its activity scanning sequence.
Input:
<agent_id>
<path 〉, the pathname with the Lotus Notes database that is scanned only is used for Lotus Notes, otherwise is set to sky.
<istoreUID 〉, with the user ID of the Information Store that is scanned---only be used for Exchange, otherwise be set to sky.
<start_time>
Output:
<handle>
<afile 〉, first annex that finds in the storage.
MDAScanDatabaseFindNext (): the next accessory information structure of obtaining current scanning.This API is called in a MDAScan session.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
Input:
<agent_id>
<handle>
Output:
<afile 〉, the next annex that finds in the system.
MDADeleteFile (): delete the temporary file of creating for detached accessories and remove annex.If filePath is not empty, deletion is by the file of its appointment.If afile or attachInfo are not empty, enter message and therefrom delete annex.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
Input:
<agent_id>
<afile 〉, comprise accessory information, and the database handle of current information storage.
<filePath 〉, the path of temporary file.
MDAExtractFile (): attachment content is extracted in the temporary file.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
Input:
<agent_id>
<afile>
Output:
<filePath>
MDAAttachFile () a: file is attached on the annex of an existence.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
Input:
<agent_id>
<afile>
<filePath>
MDAGetMailInfoFromAFile () a: file is attached on the annex.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
Input:
<agent_id>
<afile>
Output:
<mail 〉, about the information of the message that comprises annex.The buffer zone at one group of pointed real data place.
<buffer 〉, comprise output information.
The size of above-mentioned buffer zone.
MDAGetAttFileCountFromMessage (): obtain attachment files tabulation by the particular message of message identifier appointment.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
Input:
<agent_id>
<dbhandle>
<messageUID 〉, the user ID of message.
Output:
Attachment files list of file names in this message.
The size of above-mentioned tabulation.
MDASendMail (): send mail to designated user.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
Input:
<agent_id>
<dbhandle>
MessageUID
With the name of opening
The recipient of message
The sender of message
Message subject
Message body
MDAGetError (): obtain error message from the Agency.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
MDAGetMsgTime (): the Delivery time mark that obtains specify message.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
Input:
<agent_id>
<dbhandle>
<msgUID 〉, be used for searching this message by Exchange at mailbox.
Output:
Time mark.
MDAGetOwnerName (): the possessory name of obtaining a particular attachment file.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
Input:
<agent_id>
<afile>
Output:
Possessory name.
MDAEstimateAttFiles (): on server, estimate to contain to be later than<start_time〉size and the number of attachment files of time mark.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
Input:
<agent_id>
<startt_ime>
Output:
The sum of attachment files.
The summation of all attachment files sizes.
MDASetDetachedDir (): a temp directory is set to separate catalogue.Can be called in any time between MDAConnectAgent () and the MDADisconnectAgent ().
Input:
<agent_id>
With the separation directory path that is created.
MDAFreeResource (): the resource that is released to the user ID distribution of appointment.The current Exchange that only supports.
Input:
<agent_id>
<uid>
Output:
The sign of success or system mistake.
The scans e-mail annex can take place on predetermined or real-time basis.When Scan for Viruses on predetermined basis, the time interval that the user utilizes antiviral application software 120 invisible scannings to take place, for example per 10 minutes, per hour, etc.The Email that mail server program 130 receives in a last time interval is scanned.If there is not new mail to be received, then scanning does not take place.Like this, when scanning is subjected to the control of antiviral application software 120.
Whenever an email message is received by the user, real time scan will scan this Email and no matter whether this user is connected to mail server program 130, also no matter whether the user reads or visit this email message.If there is not mail to be received, scanning does not take place.
Like this, not having the user to sign in to PC 10 or workstation 30 is necessary for the running that triggers agency 110 of the present invention.
In typical embodiments of the present invention, be used for the following realization of real time scan ability and the description of the exchange server program of Microsoft.It provides the real time scan ability for the exchange server of Microsoft.That is, in case an email message is sent to a mailbox, agency 110 is called immediately.If there is annex, the agency 110 will isolate appended file, and they are sent to antiviral application software 120 be used for scanning.If virus is detected, antiviral application software 120 can be removed virus and call agency 110 and enclose infected file again.
APIs (following description) comprises the readjustment ability in real time.Antiviral application software 120 provides the call back function to acting on behalf of 110.When agency 110 finds that some are antiviral application software 120 interested things (is the email message that contains annex at this), act on behalf of 110 and notify antiviral application software 120.In typical embodiments of the present invention, the filename that the agency isolates annex and annex is provided to antiviral application software 120 is to activate the scanning to annex.
Following false code has been described the APIs that is used for the of the present invention true-time operation relevant with the Exchange program of Microsoft:
Function
RTConnectAgent();
RTDisconnectAgent();
RTGetError();
RTSetDetachedDir();
RTSetCallbackFunction();
RTStartupNotification();
RTShutdownNotification();
RTSetExcludeFileExtension();
RTConnectAgent (): the connection that is established to the real-time messages agency.In office what is the need for wanted<agent_id〉be called before the MDI API Calls as input parameter.
Input:
<server_name>
Windows nt server name.
<agent_name>
The name of Message Agent.
<user_id>
User's Windows NT login name.
<userProfile>
The characteristic data file name that is used to login.
<password>
The password that uses during with above-mentioned user ID and the login of user characteristic data file.
Output:
<agent_id>
The connection identifier that returns can be used to follow the tracks of current connection example by follow-up API.
RTDisconnectAgent (): be disconnected to the current connection of Message Agent.Behind each MDA conversation end, be called to discharge resource.
Input:
<agentID>
The connection identifier of current connection.
RTSetExcludeFileExtension (): the address that the inocuLan call back function is set.
Input:
<agentID>
The connection identifier of current connection.
<excludeFlag>
All files | all get rid of | only with tabulation.
<extCount>
Escape character (ESC) string counting among the extString.
<extString>
Escape character (ESC) tandem table.
RTSetCallbackFunction (): the address that the inocuLan call back function is set.
Input:
<agent?ID>
The connection identifier of current connection.
<cbFunction>
The address of call back function.RTStartupNotification (): start real-time informing.
Input:
<agentID>
The connection identifier of current connection.RTShutdownNotification (): close real-time informing.
Input:
<agentID>
The connection identifier of current connection.RTGetError (): obtain error message from the Agency.
Input:
<agentID>
The ConnectionID of current connection.
<errcode>
Wrong return code from the Agency.
Output:
<err_buff>
The buffer zone that comprises error message.
<buff_size〉RTSetDetachedDir (): the catalogue of temp directory for separating is set.
Input:
<agentID>
The connection identifier of current connection.
<detached_dir>
With the separation directory path that is created.
Certainly, above-mentioned real time scan ability also can be that the mail server outside the Microsoft Exchange is realized.For example, Lotus Notes database, wherein each database is a file, whenever a new message is placed into this document, this document must be opened.Like this, utilize the routine interface (hooks) of operating system grade, agency 110 can notify antiviral application software 120 when new email message is received.
Should be appreciated that the present invention is with Windows NT WIN32 APIs, Lotus Notes APIs, first anti-virus agent based on server that Microsoft Exchange APIs and MAPI set up.Client is transparent for the existence of so antiviral entity.
And agency 110 of the present invention is general agencies, can with any antiviral server program interface.
The agency of typical embodiments of the present invention can utilize and comprise computer-readable instruction, as the logical circuit or the calculator memory (for example, the memory device of server 20) of computer program.The function of logical circuit or calculator memory as mentioned above.Computer program can be stored in hard disk, CD-ROM, or on the floppy disk.

Claims (35)

1. for to use in the computer network that contains client-server architecture and message system, based on server, the method that is used for detecting and remove the computer virus of the annex that is positioned at email message comprises the steps:
A trace interval is provided;
On server, the search message system is to obtain the accessories list of the email message that message system receives in previous trace interval;
On server, send each annex in the accessories list to antiviral detection module and be used for scanning computer virus;
At antiviral detection module, detect and remove the computer virus in each annex in the accessories list; And
On server, each annex is attached on the email message again.
2. the method for claim 1 further comprises the step that repeats this method through each trace interval.
3. the process of claim 1 wherein that email message comprises the email message from the user on the workstation of the client-server network at message system place.
4. the method for claim 3, wherein email message comprises the email message from the external message system.
5. the process of claim 1 wherein that email message comprises the email message that receives by the Internet.
6. for to use in containing the client-server computer network of mail server, the method that is used to detect and remove the computer virus of the annex that is positioned at email message comprises following steps:
A., a trace interval is set;
B. on server, the search mail server is to obtain in previous trace interval the accessories list to the email message of mail server input;
C. on server, detect and remove the computer virus in each annex in the accessories list; And
D. on server, each annex is attached to again on the email message of mail server.
7. the method for claim 6 further comprises the step through each trace interval repeating step B. to D..
8. the method for claim 6, wherein step C. further comprises and sends each annex in the accessories list to step that antiviral detection module is used for scanning computer virus.
9. for to use in containing the client-server computer network of mail server, the method that is used to detect and remove the computer virus of the annex that is positioned at email message comprises following steps:
A. obtain trace interval;
B. search for mail server to be based upon the accessories list of the email message of importing to mail server in the previous trace interval;
C. each annex in the accessories list is sent to antiviral detection module and be used for scanning and dump virus;
D. after antiviral detection module scanning and dump virus, each annex is attached to again on the email message of mail server; And
E. pass through each trace interval repeating step B. to D..
10. in the client-server computer network that contains a plurality of workstations and a server, to use, this server comprises a message system, comprises following steps based on the method for computer virus that is used to detect and remove the annex that is positioned at email message of server:
Receive email message at message system;
When receiving email message, determine whether this email message comprises annex;
If this email message does not comprise annex, then forward next bar email message to and judge whether it contains annex;
If this email message comprises annex, annex is passed to antiviral detection module be used for scanning computer virus;
At antiviral detection module, detect and remove the computer virus in the annex; And
Each annex is attached on the email message again.
11. the method for claim 10, the method that wherein receives email message comprises the step that receives email message from external computer networks.
12. the method for claim 10, the method that wherein receives email message comprises the step that receives email message from workstation.
13. contain in the computer network of a plurality of nodes at first, this first computer network is configured to move an e-mail system and is used for sending and receiving a plurality of email messages between a plurality of node, a subclass of these a plurality of email messages contains an annex that interrelates at least, a kind of method is used for detecting and dump virus from the annex of a plurality of email messages, and this method comprises following steps:
From each message of the subclass of these a plurality of email messages, isolate this at least one annex;
The annex of at least one sends an antiviral application program to this;
According to antiviral application program, scan this at least one annex to detect at least one computer virus;
Remove this at least one computer virus the annex of at least one from this; And
The annex of at least one is attached in a plurality of email messages on corresponding one again with this.
14. according to the method for claim 13, have at least in wherein a plurality of email messages one from another computer network of first computer network communication.
15., have one at least from first computer network in wherein a plurality of email messages according to the method for claim 13.
16. according to the method for claim 13, wherein whether annex is scanned no matter be opened or browsed all by the user.
17. according to the method for claim 13, wherein annex is not scanned with not being subjected to user intervention.
18. according to the method for claim 17, have at least in wherein a plurality of email messages one from another computer network of first computer network communication.
19. contain in the computer network of a plurality of nodes at first, this first computer network is configured to move an e-mail system and is used for sending and receiving a plurality of email messages between a plurality of node, a subclass of these a plurality of email messages contains an annex that interrelates at least, a kind of method is used for from least one annex detection and removes at least one computer virus, and this method comprises following steps:
From each of this a plurality of email messages, isolate this at least one annex;
Determine that whether this at least one annex is by at least one computer virus infection;
Remove this at least one computer virus the annex of at least one from this; And
The annex of at least one is attached in a plurality of email messages on corresponding one again with this.
20. be used for detecting and remove the system of the computer virus of the annex that is positioned at email message, this system is in individual client-server computer network, this network contains a server computer, a plurality of client computers, and the message system of distribution that is used to control email message that is positioned at server computer, comprising:
Be positioned at the antiviral module that scanning document detects virus that is used for of server computer; And,
Be positioned at the agency of server computer, this agency provides the interface between antiviral module and the message system, and comprises
Receive the device of trace interval;
The search message system is to obtain the device of the accessories list of the email message of message system reception in previous trace interval;
Send each annex in the accessories list to device that antiviral module is used for scanning computer virus; And
Each annex is attached to device on the email message again.
21. the system of claim 20, wherein email message comprises the email message from client computer on the computer network.
22. the system of claim 20, wherein message system comprises an exterior gateway, and email message comprises the email message from the external message system.
23. the system of claim 20, wherein email message comprises the email message that connects reception by the Internet.
24. the anti-virus agent that in the client-server computer network that contains a server computer and a plurality of client computers, uses, this server computer comprises the mail server that contains email message, this anti-virus agent auxiliary detection is arranged in the computer virus of the annex of email message, comprising:
The device of trace interval is set;
Be positioned on the server computer, be used to search for mail server to obtain in previous trace interval device to the accessories list of the email message of mail server input;
Each annex in the accessories list is passed to antiviral detection module to detect the also device of dump virus; And
Be positioned on the server computer, be used for each annex is attached to device on the email message of mail server again.
25. the system of claim 24 further comprises the device of the computer virus of each annex that is used for detecting and remove accessories list.
26. contain a plurality of nodes at first, and be configured to move an e-mail system is used for sending and receiving a plurality of email messages between a plurality of nodes computer network, a subclass of these a plurality of email messages contains an annex that interrelates at least, a system is used for detecting and dump virus from the annex of a plurality of email messages, and this system comprises:
From each message of the subclass of these a plurality of email messages, isolate the device of this at least one annex;
The annex of at least one sends the device of an antiviral application program to this;
According to antiviral application program, scan this at least one annex to detect the device of at least one computer virus;
Remove the device of this at least one computer virus the annex of at least one from this; And
The annex of at least one is attached to the device on corresponding in a plurality of email messages again with this.
27. the system of claim 26, in wherein a plurality of email messages at least one message from another computer network of first computer network communication.
28. the system of claim 26, at least one message is from first computer network inside in wherein a plurality of email messages.
29. contain a plurality of nodes at first, and be configured to move an e-mail system is used for sending and receiving a plurality of email messages between a plurality of nodes computer network, a subclass of these a plurality of email messages contains an annex that interrelates at least, system is used for detecting and removing at least one computer virus from least one annex, and this system comprises:
From each of this a plurality of email messages, isolate the device of this at least one annex;
Determine that whether this at least one annex is by the device of at least one computer virus infection;
Remove the device of this at least one computer virus the annex of at least one from this; And
The annex of at least one is attached to the device on corresponding in a plurality of email messages again with this.
30. real-time system that is used for detecting the computer virus of the annex that is positioned at email message, this system is in a client-server computer network, this network comprises a server computer, a plurality of client computers, with be positioned at the distribution that server computer is used to control email message, and comprise the message system of a plurality of mailbox, this real-time system comprises:
Be positioned at the antiviral module of server computer, be used for scanning document to detect virus; And
Be positioned at the agency of server computer, this agency provides the interface between antiviral module and the message system, is activated when an email message is delivered to a mailbox, and comprises:
Determine whether an email message comprises the device of annex;
From email message, isolate the device of annex;
Activate antiviral module and come the device of sweep attachment with detection computations machine virus; And
Each annex is attached to device on the email message again.
31. the real-time system of claim 30, wherein the device of Jian Ceing further comprises the device that annex is saved in a file.
32. the real-time system of claim 30, wherein the device of Ji Huoing further comprises the device to the file address that antiviral module circular saves attachment.
33. the real-time system of claim 30, wherein email message comprises the email message that the client computer from the computer network receives.
34. the real-time system of claim 30, wherein agency's interface between system and a plurality of different antiviral modules that gives information.
35. the real-time system of claim 30, wherein the agency provides the interface between antiviral module and a plurality of different message systems.
CNB971994595A 1996-09-05 1997-09-05 Anti-virus agent for use with database and mail servers Expired - Fee Related CN1160616C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/709,025 1996-09-05
US08/709,025 US5832208A (en) 1996-09-05 1996-09-05 Anti-virus agent for use with databases and mail servers

Publications (2)

Publication Number Publication Date
CN1236451A CN1236451A (en) 1999-11-24
CN1160616C true CN1160616C (en) 2004-08-04

Family

ID=24848177

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB971994595A Expired - Fee Related CN1160616C (en) 1996-09-05 1997-09-05 Anti-virus agent for use with database and mail servers

Country Status (15)

Country Link
US (1) US5832208A (en)
EP (2) EP1010059B1 (en)
JP (1) JP2001500295A (en)
KR (1) KR100554903B1 (en)
CN (1) CN1160616C (en)
AT (1) ATE241169T1 (en)
AU (1) AU735236B2 (en)
BR (1) BR9711990A (en)
CA (1) CA2264816C (en)
DE (1) DE69722266T2 (en)
ES (1) ES2199372T3 (en)
HK (2) HK1023826A1 (en)
RU (1) RU2221269C2 (en)
WO (1) WO1998010342A2 (en)
ZA (1) ZA977970B (en)

Families Citing this family (325)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6115712A (en) * 1996-07-12 2000-09-05 International Business Machines Corporation Mechanism for combining data analysis algorithms with databases on the internet
US7613926B2 (en) * 1997-11-06 2009-11-03 Finjan Software, Ltd Method and system for protecting a computer and a network from hostile downloadables
US8079086B1 (en) 1997-11-06 2011-12-13 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US6167520A (en) * 1996-11-08 2000-12-26 Finjan Software, Inc. System and method for protecting a client during runtime from hostile downloadables
US6154844A (en) * 1996-11-08 2000-11-28 Finjan Software, Ltd. System and method for attaching a downloadable security profile to a downloadable
US9219755B2 (en) 1996-11-08 2015-12-22 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US7058822B2 (en) 2000-03-30 2006-06-06 Finjan Software, Ltd. Malicious mobile code runtime monitoring system and methods
US6421733B1 (en) * 1997-03-25 2002-07-16 Intel Corporation System for dynamically transcoding data transmitted between computers
US6275848B1 (en) * 1997-05-21 2001-08-14 International Business Machines Corp. Method and apparatus for automated referencing of electronic information
US6014689A (en) * 1997-06-03 2000-01-11 Smith Micro Software Inc. E-mail system with a video e-mail player
IL128576A (en) * 1997-06-17 2004-03-28 Purdue Pharma Lp Self-destructing document and e-mail messaging system
US6016546A (en) * 1997-07-10 2000-01-18 International Business Machines Corporation Efficient detection of computer viruses and other data traits
JP3932319B2 (en) * 1997-07-24 2007-06-20 タンブルウィード コミュニケーションズ コーポレイション Email firewall using encryption / decryption with stored key
US7127741B2 (en) * 1998-11-03 2006-10-24 Tumbleweed Communications Corp. Method and system for e-mail message transmission
US5978917A (en) * 1997-08-14 1999-11-02 Symantec Corporation Detection and elimination of macro viruses
US6212551B1 (en) * 1997-09-15 2001-04-03 Advanced Micro Devices, Inc. Digitized audio data attachment to text message for electronic mail
US6073166A (en) * 1997-10-14 2000-06-06 Maila Nordic Ab System for transfer of data
US6003132A (en) * 1997-10-22 1999-12-14 Rvt Technologies, Inc. Method and apparatus for isolating a computer system upon detection of viruses and similar data
US6081894A (en) * 1997-10-22 2000-06-27 Rvt Technologies, Inc. Method and apparatus for isolating an encrypted computer system upon detection of viruses and similar data
US6393568B1 (en) * 1997-10-23 2002-05-21 Entrust Technologies Limited Encryption and decryption system and method with content analysis provision
US8225408B2 (en) * 1997-11-06 2012-07-17 Finjan, Inc. Method and system for adaptive rule-based content scanners
US7418731B2 (en) * 1997-11-06 2008-08-26 Finjan Software, Ltd. Method and system for caching at secure gateways
US7975305B2 (en) * 1997-11-06 2011-07-05 Finjan, Inc. Method and system for adaptive rule-based content scanners for desktop computers
US6088803A (en) * 1997-12-30 2000-07-11 Intel Corporation System for virus-checking network data during download to a client device
US6035423A (en) * 1997-12-31 2000-03-07 Network Associates, Inc. Method and system for providing automated updating and upgrading of antivirus applications using a computer network
US6205551B1 (en) * 1998-01-29 2001-03-20 Lucent Technologies Inc. Computer security using virus probing
US5987610A (en) 1998-02-12 1999-11-16 Ameritech Corporation Computer virus screening methods and systems
JP3579240B2 (en) * 1998-02-13 2004-10-20 富士通株式会社 E-mail device and computer-readable recording medium recording e-mail program
US6160423A (en) * 1998-03-16 2000-12-12 Jazio, Inc. High speed source synchronous signaling for interfacing VLSI CMOS circuits to transmission lines
TR200002649T2 (en) 1998-03-16 2000-11-21 Jazio Inc. High-speed signal generation for VLSI CMOS interface circuits.
US6073133A (en) * 1998-05-15 2000-06-06 Micron Electronics Inc. Electronic mail attachment verifier
WO1999066383A2 (en) * 1998-06-15 1999-12-23 Dmw Worldwide, Inc. Method and apparatus for assessing the security of a computer system
JP3225926B2 (en) * 1998-07-14 2001-11-05 日本電気株式会社 E-mail transmission / reception method and system, and machine-readable recording medium recording program
US6253337B1 (en) * 1998-07-21 2001-06-26 Raytheon Company Information security analysis system
US6269447B1 (en) 1998-07-21 2001-07-31 Raytheon Company Information security analysis system
US6304262B1 (en) 1998-07-21 2001-10-16 Raytheon Company Information security analysis system
US7047423B1 (en) 1998-07-21 2006-05-16 Computer Associates Think, Inc. Information security analysis system
US6233583B1 (en) * 1998-09-10 2001-05-15 International Business Machines Corporation Report generator for use within a lotus notes database system
US6338141B1 (en) 1998-09-30 2002-01-08 Cybersoft, Inc. Method and apparatus for computer virus detection, analysis, and removal in real time
US7617124B1 (en) 1998-12-04 2009-11-10 Digital River, Inc. Apparatus and method for secure downloading of files
US20030195974A1 (en) * 1998-12-04 2003-10-16 Ronning Joel A. Apparatus and method for scheduling of search for updates or downloads of a file
US7058597B1 (en) * 1998-12-04 2006-06-06 Digital River, Inc. Apparatus and method for adaptive fraud screening for electronic commerce transactions
US7181486B1 (en) 1998-12-07 2007-02-20 Network Ice Corporation Method and apparatus for remote installation of network drivers and software
WO2000034867A1 (en) 1998-12-09 2000-06-15 Network Ice Corporation A method and apparatus for providing network and computer system security
EP1137992A4 (en) * 1998-12-11 2003-02-05 Rvt Technologies Inc Method and apparatus for isolating a computer system upon detection of viruses and similar data
US7389540B2 (en) 1999-02-03 2008-06-17 Cybersoft, Inc. Apparatus and methods for intercepting, examining and controlling code, data and files and their transfer
US7917744B2 (en) * 1999-02-03 2011-03-29 Cybersoft, Inc. Apparatus and methods for intercepting, examining and controlling code, data and files and their transfer in instant messaging and peer-to-peer applications
US6725377B1 (en) * 1999-03-12 2004-04-20 Networks Associates Technology, Inc. Method and system for updating anti-intrusion software
US6922781B1 (en) * 1999-04-30 2005-07-26 Ideaflood, Inc. Method and apparatus for identifying and characterizing errant electronic files
US7120628B1 (en) * 1999-07-01 2006-10-10 International Business Machines Corporation System and method for enabling a user to subscribe to updates from information sources
US7346929B1 (en) 1999-07-29 2008-03-18 International Business Machines Corporation Method and apparatus for auditing network security
US7840639B1 (en) 1999-09-21 2010-11-23 G&H Nevada-Tek Method and article of manufacture for an automatically executed application program associated with an electronic message
US6360221B1 (en) 1999-09-21 2002-03-19 Neostar, Inc. Method and apparatus for the production, delivery, and receipt of enhanced e-mail
US9092535B1 (en) 1999-09-21 2015-07-28 Google Inc. E-mail embedded textual hyperlink object
US6704771B1 (en) * 1999-09-21 2004-03-09 Neostar, Inc. Electronic message payload for interfacing with text contained in the message
US6687740B1 (en) 1999-09-21 2004-02-03 Neostar, Inc. System, method and article of manufacture for preventing the proliferation of unwanted electronic messages
US6763462B1 (en) * 1999-10-05 2004-07-13 Micron Technology, Inc. E-mail virus detection utility
JP2001142802A (en) * 1999-11-11 2001-05-25 Matsushita Graphic Communication Systems Inc Device and method for receiving image
US7020845B1 (en) 1999-11-15 2006-03-28 Gottfurcht Elliot A Navigating internet content on a television using a simplified interface and a remote control
US6321267B1 (en) 1999-11-23 2001-11-20 Escom Corporation Method and apparatus for filtering junk email
US7249175B1 (en) 1999-11-23 2007-07-24 Escom Corporation Method and system for blocking e-mail having a nonexistent sender address
US6868405B1 (en) 1999-11-29 2005-03-15 Microsoft Corporation Copy detection for digitally-formatted works
US8006243B2 (en) 1999-12-07 2011-08-23 International Business Machines Corporation Method and apparatus for remote installation of network drivers and software
US6954858B1 (en) * 1999-12-22 2005-10-11 Kimberly Joyce Welborn Computer virus avoidance system and mechanism
GB2353372B (en) * 1999-12-24 2001-08-22 F Secure Oyj Remote computer virus scanning
US6738972B1 (en) * 1999-12-30 2004-05-18 Opentv, Inc. Method for flow scheduling
US6701440B1 (en) * 2000-01-06 2004-03-02 Networks Associates Technology, Inc. Method and system for protecting a computer using a remote e-mail scanning device
US6845448B1 (en) * 2000-01-07 2005-01-18 Pennar Software Corporation Online repository for personal information
US8117644B2 (en) * 2000-01-07 2012-02-14 Pennar Software Corporation Method and system for online document collaboration
US7310816B1 (en) * 2000-01-27 2007-12-18 Dale Burns System and method for email screening
US7908652B1 (en) 2001-12-21 2011-03-15 Trapware Corporation Detection of observers and countermeasures against observers
US8176551B1 (en) * 2000-01-27 2012-05-08 Trapware Corporation Detection of observer programs and countermeasures against observer programs
US20010052019A1 (en) * 2000-02-04 2001-12-13 Ovt, Inc. Video mail delivery system
JP2001265674A (en) * 2000-03-22 2001-09-28 Nec Corp Electronic mail transfer device and electronic mail transfer system
JP2001296985A (en) * 2000-04-17 2001-10-26 Fuji Xerox Co Ltd Information output system
WO2001084285A2 (en) 2000-04-28 2001-11-08 Internet Security Systems, Inc. Method and system for managing computer security information
US7921459B2 (en) 2000-04-28 2011-04-05 International Business Machines Corporation System and method for managing security events on a network
US7574740B1 (en) 2000-04-28 2009-08-11 International Business Machines Corporation Method and system for intrusion detection in a computer network
DE10023249A1 (en) * 2000-05-12 2001-11-22 Juergen Martens E-mail identification and processing method involves informing user regarding change of content of e-mail which is processed
KR20010105618A (en) * 2000-05-16 2001-11-29 정우협 Email preview
EP1305688A2 (en) * 2000-05-28 2003-05-02 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US9213836B2 (en) 2000-05-28 2015-12-15 Barhon Mayer, Batya System and method for comprehensive general electric protection for computers against malicious programs that may steal information and/or cause damages
KR100392879B1 (en) * 2000-06-02 2003-08-06 주식회사 인터넷엑스퍼트시스템 E-mail security audit system for corporation security & virus spread by e-mail
US7392398B1 (en) * 2000-06-05 2008-06-24 Ati International Srl Method and apparatus for protection of computer assets from unauthorized access
US20020035696A1 (en) * 2000-06-09 2002-03-21 Will Thacker System and method for protecting a networked computer from viruses
US6721721B1 (en) * 2000-06-15 2004-04-13 International Business Machines Corporation Virus checking and reporting for computer database search results
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US7017187B1 (en) 2000-06-20 2006-03-21 Citigroup Global Markets, Inc. Method and system for file blocking in an electronic messaging system
US6901519B1 (en) 2000-06-22 2005-05-31 Infobahn, Inc. E-mail virus protection system and method
US7913078B1 (en) 2000-06-22 2011-03-22 Walter Mason Stewart Computer network virus protection system and method
US7080407B1 (en) * 2000-06-27 2006-07-18 Cisco Technology, Inc. Virus detection and removal system and method for network-based systems
US7162649B1 (en) 2000-06-30 2007-01-09 Internet Security Systems, Inc. Method and apparatus for network assessment and authentication
KR100794136B1 (en) * 2000-06-30 2008-01-10 주식회사 케이티 Remote virus check service method
US6907531B1 (en) 2000-06-30 2005-06-14 Internet Security Systems, Inc. Method and system for identifying, fixing, and updating security vulnerabilities
GB2357939B (en) * 2000-07-05 2002-05-15 Gfi Fax & Voice Ltd Electronic mail message anti-virus system and method
GB0016835D0 (en) * 2000-07-07 2000-08-30 Messagelabs Limited Method of, and system for, processing email
US20020013817A1 (en) * 2000-07-07 2002-01-31 Collins Thomas M. Method and apparatus for distributing of e-mail to multiple recipients
US7093239B1 (en) 2000-07-14 2006-08-15 Internet Security Systems, Inc. Computer immune system and method for detecting unwanted code in a computer system
US8341743B2 (en) * 2000-07-14 2012-12-25 Ca, Inc. Detection of viral code using emulation of operating system functions
US6910134B1 (en) * 2000-08-29 2005-06-21 Netrake Corporation Method and device for innoculating email infected with a virus
JP3251000B2 (en) * 2000-09-07 2002-01-28 松本建工株式会社 Insulation structure of house and heat shield used
US6785732B1 (en) * 2000-09-11 2004-08-31 International Business Machines Corporation Web server apparatus and method for virus checking
US6886099B1 (en) * 2000-09-12 2005-04-26 Networks Associates Technology, Inc. Computer virus detection
US7178166B1 (en) 2000-09-19 2007-02-13 Internet Security Systems, Inc. Vulnerability assessment and authentication of a computer by a local scanner
US6650890B1 (en) * 2000-09-29 2003-11-18 Postini, Inc. Value-added electronic messaging services and transparent implementation thereof using intermediate server
US6968461B1 (en) * 2000-10-03 2005-11-22 Networks Associates Technology, Inc. Providing break points in a malware scanning operation
US7197507B2 (en) * 2000-10-03 2007-03-27 Netagent Co., Ltd Communication information recording device
US6802012B1 (en) * 2000-10-03 2004-10-05 Networks Associates Technology, Inc. Scanning computer files for unwanted properties
US6757830B1 (en) * 2000-10-03 2004-06-29 Networks Associates Technology, Inc. Detecting unwanted properties in received email messages
US9027121B2 (en) 2000-10-10 2015-05-05 International Business Machines Corporation Method and system for creating a record for one or more computer security incidents
US7086090B1 (en) 2000-10-20 2006-08-01 International Business Machines Corporation Method and system for protecting pervasive devices and servers from exchanging viruses
US7146305B2 (en) 2000-10-24 2006-12-05 Vcis, Inc. Analytical virtual machine
US7003551B2 (en) * 2000-11-30 2006-02-21 Bellsouth Intellectual Property Corp. Method and apparatus for minimizing storage of common attachment files in an e-mail communications server
US7152164B1 (en) * 2000-12-06 2006-12-19 Pasi Into Loukas Network anti-virus system
US7130466B2 (en) 2000-12-21 2006-10-31 Cobion Ag System and method for compiling images from a database and comparing the compiled images with known images
US7340776B2 (en) 2001-01-31 2008-03-04 International Business Machines Corporation Method and system for configuring and scheduling security audits of a computer network
US7797251B2 (en) * 2001-02-14 2010-09-14 5th Fleet, L.L.C. System and method providing secure credit or debit transactions across unsecure networks
US8219620B2 (en) 2001-02-20 2012-07-10 Mcafee, Inc. Unwanted e-mail filtering system including voting feedback
US7404212B2 (en) * 2001-03-06 2008-07-22 Cybersoft, Inc. Apparatus and methods for intercepting, examining and controlling code, data and files and their transfer
US7136920B2 (en) * 2001-03-09 2006-11-14 Research In Motion Limited Wireless communication system congestion reduction system and method
US6928465B2 (en) * 2001-03-16 2005-08-09 Wells Fargo Bank, N.A. Redundant email address detection and capture system
US20030018903A1 (en) * 2001-03-19 2003-01-23 Greca Damon G. Della Method of containing spread of computer viruses
JP2002288093A (en) * 2001-03-26 2002-10-04 Fujitsu Ltd Electronic mail program
US7010696B1 (en) 2001-03-30 2006-03-07 Mcafee, Inc. Method and apparatus for predicting the incidence of a virus
US7114184B2 (en) * 2001-03-30 2006-09-26 Computer Associates Think, Inc. System and method for restoring computer systems damaged by a malicious computer program
US7062555B1 (en) 2001-04-06 2006-06-13 Networks Associates Technology, Inc. System and method for automatic selection of service provider for efficient use of bandwidth and resources in a peer-to-peer network environment
WO2002093334A2 (en) 2001-04-06 2002-11-21 Symantec Corporation Temporal access control for computer virus outbreaks
US7181506B1 (en) * 2001-04-06 2007-02-20 Mcafee, Inc. System and method to securely confirm performance of task by a peer in a peer-to-peer network environment
US20020147780A1 (en) * 2001-04-09 2002-10-10 Liu James Y. Method and system for scanning electronic mail to detect and eliminate computer viruses using a group of email-scanning servers and a recipient's email gateway
US6941478B2 (en) * 2001-04-13 2005-09-06 Nokia, Inc. System and method for providing exploit protection with message tracking
EP1388068B1 (en) * 2001-04-13 2015-08-12 Nokia Technologies Oy System and method for providing exploit protection for networks
US20020178373A1 (en) * 2001-04-16 2002-11-28 Randice-Lisa Altschul Computer virus rejection system and method
US7424747B2 (en) * 2001-04-24 2008-09-09 Microsoft Corporation Method and system for detecting pirated content
US6931552B2 (en) * 2001-05-02 2005-08-16 James B. Pritchard Apparatus and method for protecting a computer system against computer viruses and unauthorized access
US20020199120A1 (en) * 2001-05-04 2002-12-26 Schmidt Jeffrey A. Monitored network security bridge system and method
US7188368B2 (en) * 2001-05-25 2007-03-06 Lenovo (Singapore) Pte. Ltd. Method and apparatus for repairing damage to a computer system using a system rollback mechanism
US7640434B2 (en) * 2001-05-31 2009-12-29 Trend Micro, Inc. Identification of undesirable content in responses sent in reply to a user request for content
US7562388B2 (en) * 2001-05-31 2009-07-14 International Business Machines Corporation Method and system for implementing security devices in a network
US7237264B1 (en) 2001-06-04 2007-06-26 Internet Security Systems, Inc. System and method for preventing network misuse
JP4566460B2 (en) * 2001-06-07 2010-10-20 パイオニア株式会社 Email virus check system
US7657419B2 (en) 2001-06-19 2010-02-02 International Business Machines Corporation Analytical virtual machine
KR20030000584A (en) * 2001-06-26 2003-01-06 (주)넥센 Computer virus nonproliferation type system and method for processing a electronic mail
US6981280B2 (en) 2001-06-29 2005-12-27 Mcafee, Inc. Intelligent network scanning system and method
CA2454828A1 (en) * 2001-07-24 2003-02-06 Theresa Eileen Phillips Network security architecture
US7647376B1 (en) 2001-07-26 2010-01-12 Mcafee, Inc. SPAM report generation system and method
US6944775B2 (en) * 2001-07-26 2005-09-13 Networks Associates Technology, Inc. Scanner API for executing multiple scanning engines
US7231637B1 (en) * 2001-07-26 2007-06-12 Mcafee, Inc. Security and software testing of pre-release anti-virus updates on client and transmitting the results to the server
EP1280298A1 (en) * 2001-07-26 2003-01-29 BRITISH TELECOMMUNICATIONS public limited company Method and apparatus of detecting network activity
US7487544B2 (en) * 2001-07-30 2009-02-03 The Trustees Of Columbia University In The City Of New York System and methods for detection of new malicious executables
US6718469B2 (en) * 2001-08-01 2004-04-06 Networks Associates Technology, Inc. System and method for executing computer virus definitions containing general purpose programming language extensions
US7171690B2 (en) * 2001-08-01 2007-01-30 Mcafee, Inc. Wireless malware scanning back-end system and method
US6792543B2 (en) * 2001-08-01 2004-09-14 Networks Associates Technology, Inc. Virus scanning on thin client devices using programmable assembly language
US6993660B1 (en) * 2001-08-03 2006-01-31 Mcafee, Inc. System and method for performing efficient computer virus scanning of transient messages using checksums in a distributed computing environment
US7117533B1 (en) * 2001-08-03 2006-10-03 Mcafee, Inc. System and method for providing dynamic screening of transient messages in a distributed computing environment
US7657935B2 (en) * 2001-08-16 2010-02-02 The Trustees Of Columbia University In The City Of New York System and methods for detecting malicious email transmission
JP2003067306A (en) * 2001-08-24 2003-03-07 Hitachi Ltd Storage management method for electronic mail
US7263561B1 (en) * 2001-08-24 2007-08-28 Mcafee, Inc. Systems and methods for making electronic files that have been converted to a safe format available for viewing by an intended recipient
US7640361B1 (en) * 2001-08-24 2009-12-29 Mcafee, Inc. Systems and methods for converting infected electronic files to a safe format
US7302706B1 (en) * 2001-08-31 2007-11-27 Mcafee, Inc Network-based file scanning and solution delivery in real time
US7107618B1 (en) 2001-09-25 2006-09-12 Mcafee, Inc. System and method for certifying that data received over a computer network has been checked for viruses
US7356736B2 (en) * 2001-09-25 2008-04-08 Norman Asa Simulated computer system for monitoring of software performance
US6892241B2 (en) 2001-09-28 2005-05-10 Networks Associates Technology, Inc. Anti-virus policy enforcement system and method
US20030097409A1 (en) * 2001-10-05 2003-05-22 Hungchou Tsai Systems and methods for securing computers
KR100461984B1 (en) * 2001-10-06 2004-12-17 주식회사 테라스테크놀로지 Method for detecting Email virus and inducing clients to cure the detected virus
US7340774B2 (en) * 2001-10-15 2008-03-04 Mcafee, Inc. Malware scanning as a low priority task
US7310818B1 (en) * 2001-10-25 2007-12-18 Mcafee, Inc. System and method for tracking computer viruses
JP3693244B2 (en) * 2001-10-31 2005-09-07 株式会社日立製作所 E-mail system, mail server and mail terminal
US20030093689A1 (en) * 2001-11-15 2003-05-15 Aladdin Knowledge Systems Ltd. Security router
JP3914757B2 (en) * 2001-11-30 2007-05-16 デュアキシズ株式会社 Apparatus, method and system for virus inspection
CN101242416B (en) * 2001-12-10 2011-11-16 思科技术公司 Method and device for filtering and analyzing communication traffic based on packet
US9306966B2 (en) 2001-12-14 2016-04-05 The Trustees Of Columbia University In The City Of New York Methods of unsupervised anomaly detection using a geometric framework
US8544087B1 (en) 2001-12-14 2013-09-24 The Trustess Of Columbia University In The City Of New York Methods of unsupervised anomaly detection using a geometric framework
US7401359B2 (en) * 2001-12-21 2008-07-15 Mcafee, Inc. Generating malware definition data for mobile computing devices
GB0130805D0 (en) * 2001-12-22 2002-02-06 Koninkl Philips Electronics Nv Dealing with a computer virus which self-propagates by e-mail
US7673137B2 (en) 2002-01-04 2010-03-02 International Business Machines Corporation System and method for the managed security control of processes on a computer system
US7269851B2 (en) * 2002-01-07 2007-09-11 Mcafee, Inc. Managing malware protection upon a computer network
US7607171B1 (en) 2002-01-17 2009-10-20 Avinti, Inc. Virus detection by executing e-mail code in a virtual machine
US9652613B1 (en) 2002-01-17 2017-05-16 Trustwave Holdings, Inc. Virus detection by executing electronic message code in a virtual machine
US7225343B1 (en) 2002-01-25 2007-05-29 The Trustees Of Columbia University In The City Of New York System and methods for adaptive model generation for detecting intrusions in computer systems
GB2384659B (en) * 2002-01-25 2004-01-14 F Secure Oyj Anti-virus protection at a network gateway
KR100443175B1 (en) * 2002-02-14 2004-08-04 주식회사 안철수연구소 An antivirus service system
CN1332333C (en) * 2002-02-19 2007-08-15 波斯蒂尼公司 E-mail management services
US7281269B1 (en) * 2002-03-06 2007-10-09 Novell, Inc. Methods, data structures, and systems to remotely validate a message
US7693285B2 (en) * 2002-03-06 2010-04-06 Entrust, Inc. Secure communication apparatus and method
US20030204569A1 (en) * 2002-04-29 2003-10-30 Michael R. Andrews Method and apparatus for filtering e-mail infected with a previously unidentified computer virus
US7237008B1 (en) * 2002-05-10 2007-06-26 Mcafee, Inc. Detecting malware carried by an e-mail message
US7370360B2 (en) 2002-05-13 2008-05-06 International Business Machines Corporation Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
US7634806B2 (en) * 2002-05-30 2009-12-15 Microsoft Corporation Peer assembly inspection
US7367056B1 (en) 2002-06-04 2008-04-29 Symantec Corporation Countering malicious code infections to computer files that have been infected more than once
US20040021889A1 (en) * 2002-07-30 2004-02-05 Mcafee David A. Method of transmitting information from a document to a remote location, and a computer peripheral device
WO2004015954A1 (en) * 2002-08-07 2004-02-19 British Telecommunications Public Limited Company Server for sending electronics messages
US7424510B2 (en) * 2002-09-03 2008-09-09 X1 Technologies, Inc. Methods and systems for Web-based incremental searches
US8856093B2 (en) 2002-09-03 2014-10-07 William Gross Methods and systems for search indexing
FI113499B (en) * 2002-09-12 2004-04-30 Jarmo Talvitie A protection system, method and device for using computer viruses and isolating information
US7337471B2 (en) * 2002-10-07 2008-02-26 Symantec Corporation Selective detection of malicious computer code
US7469419B2 (en) 2002-10-07 2008-12-23 Symantec Corporation Detection of malicious computer code
US7260847B2 (en) * 2002-10-24 2007-08-21 Symantec Corporation Antivirus scanning in a hard-linked environment
US7249187B2 (en) 2002-11-27 2007-07-24 Symantec Corporation Enforcement of compliance with network security policies
US7373664B2 (en) * 2002-12-16 2008-05-13 Symantec Corporation Proactive protection against e-mail worms and spam
MY141160A (en) * 2003-01-13 2010-03-31 Multimedia Glory Sdn Bhd System and method of preventing the transmission of known and unknown electronic content to and from servers or workstations connected to a common network
US7219131B2 (en) * 2003-01-16 2007-05-15 Ironport Systems, Inc. Electronic message delivery using an alternate source approach
US7913303B1 (en) 2003-01-21 2011-03-22 International Business Machines Corporation Method and system for dynamically protecting a computer system from attack
US7900254B1 (en) * 2003-01-24 2011-03-01 Mcafee, Inc. Identifying malware infected reply messages
US20040153666A1 (en) * 2003-02-05 2004-08-05 Sobel William E. Structured rollout of updates to malicious computer code detection definitions
US7293290B2 (en) * 2003-02-06 2007-11-06 Symantec Corporation Dynamic detection of computer worms
US20040158546A1 (en) * 2003-02-06 2004-08-12 Sobel William E. Integrity checking for software downloaded from untrusted sources
US20040158741A1 (en) * 2003-02-07 2004-08-12 Peter Schneider System and method for remote virus scanning in wireless networks
US7246227B2 (en) * 2003-02-10 2007-07-17 Symantec Corporation Efficient scanning of stream based data
US20060265459A1 (en) * 2003-02-19 2006-11-23 Postini, Inc. Systems and methods for managing the transmission of synchronous electronic messages
US7603472B2 (en) * 2003-02-19 2009-10-13 Google Inc. Zero-minute virus and spam detection
US7958187B2 (en) * 2003-02-19 2011-06-07 Google Inc. Systems and methods for managing directory harvest attacks via electronic messages
US7496628B2 (en) 2003-02-25 2009-02-24 Susquehanna International Group, Llp Electronic message filter
US6965968B1 (en) 2003-02-27 2005-11-15 Finjan Software Ltd. Policy-based caching
US7203959B2 (en) 2003-03-14 2007-04-10 Symantec Corporation Stream scanning through network proxy servers
US7546638B2 (en) 2003-03-18 2009-06-09 Symantec Corporation Automated identification and clean-up of malicious computer code
US7113948B2 (en) * 2003-03-21 2006-09-26 Acellion Pte Ltd. Methods and systems for email attachment distribution and management
US7716736B2 (en) * 2003-04-17 2010-05-11 Cybersoft, Inc. Apparatus, methods and articles of manufacture for computer virus testing
US7039950B2 (en) * 2003-04-21 2006-05-02 Ipolicy Networks, Inc. System and method for network quality of service protection on security breach detection
GB2400934B (en) * 2003-04-25 2005-12-14 Messagelabs Ltd A method of,and system for detecting mass mailing viruses
US20050010563A1 (en) * 2003-05-15 2005-01-13 William Gross Internet search application
BR0307030A (en) * 2003-05-17 2005-03-08 Microsoft Corp Security Risk Assessment Mechanism
US7669207B2 (en) * 2003-07-17 2010-02-23 Gradient Enterprises, Inc. Method for detecting, reporting and responding to network node-level events and a system thereof
US20050028010A1 (en) * 2003-07-29 2005-02-03 International Business Machines Corporation System and method for addressing denial of service virus attacks
US7386719B2 (en) * 2003-07-29 2008-06-10 International Business Machines Corporation System and method for eliminating viruses at a web page server
US7739278B1 (en) * 2003-08-22 2010-06-15 Symantec Corporation Source independent file attribute tracking
US7386888B2 (en) * 2003-08-29 2008-06-10 Trend Micro, Inc. Network isolation techniques suitable for virus protection
US7703078B2 (en) * 2003-09-03 2010-04-20 Cybersoft, Inc. Apparatus, methods and articles of manufacture for software demonstration
US8200761B1 (en) 2003-09-18 2012-06-12 Apple Inc. Method and apparatus for improving security in a data processing system
US20050081057A1 (en) * 2003-10-10 2005-04-14 Oded Cohen Method and system for preventing exploiting an email message
US7657938B2 (en) 2003-10-28 2010-02-02 International Business Machines Corporation Method and system for protecting computer networks by altering unwanted network data traffic
US7945914B2 (en) * 2003-12-10 2011-05-17 X1 Technologies, Inc. Methods and systems for performing operations in response to detecting a computer idle condition
US8990928B1 (en) 2003-12-11 2015-03-24 Radix Holdings, Llc URL salience
US20050177720A1 (en) * 2004-02-10 2005-08-11 Seiichi Katano Virus protection for multi-function peripherals
US20050177748A1 (en) * 2004-02-10 2005-08-11 Seiichi Katano Virus protection for multi-function peripherals
EP1716676B1 (en) 2004-02-17 2012-06-13 Cisco Technology, Inc. Collecting, aggregating, and managing information relating to electronic messages
US7607172B2 (en) * 2004-03-02 2009-10-20 International Business Machines Corporation Method of protecting a computing system from harmful active content in documents
US7130981B1 (en) 2004-04-06 2006-10-31 Symantec Corporation Signature driven cache extension for stream based scanning
US7647321B2 (en) * 2004-04-26 2010-01-12 Google Inc. System and method for filtering electronic messages using business heuristics
US7861304B1 (en) 2004-05-07 2010-12-28 Symantec Corporation Pattern matching using embedded functions
US7373667B1 (en) 2004-05-14 2008-05-13 Symantec Corporation Protecting a computer coupled to a network from malicious code infections
US7484094B1 (en) 2004-05-14 2009-01-27 Symantec Corporation Opening computer files quickly and safely over a network
EP1761863A4 (en) * 2004-05-25 2009-11-18 Postini Inc Electronic message source information reputation system
US7756930B2 (en) 2004-05-28 2010-07-13 Ironport Systems, Inc. Techniques for determining the reputation of a message sender
US7870200B2 (en) * 2004-05-29 2011-01-11 Ironport Systems, Inc. Monitoring the flow of messages received at a server
US7873695B2 (en) 2004-05-29 2011-01-18 Ironport Systems, Inc. Managing connections and messages at a server by associating different actions for both different senders and different recipients
US8166310B2 (en) 2004-05-29 2012-04-24 Ironport Systems, Inc. Method and apparatus for providing temporary access to a network device
US7849142B2 (en) 2004-05-29 2010-12-07 Ironport Systems, Inc. Managing connections, messages, and directory harvest attacks at a server
US7917588B2 (en) * 2004-05-29 2011-03-29 Ironport Systems, Inc. Managing delivery of electronic messages using bounce profiles
US7748038B2 (en) 2004-06-16 2010-06-29 Ironport Systems, Inc. Method and apparatus for managing computer virus outbreaks
US7694340B2 (en) 2004-06-21 2010-04-06 Microsoft Corporation Anti virus for an item store
US20060005043A1 (en) * 2004-07-03 2006-01-05 Jung-Jen Hsueh Method of scanning computer virus within internet packet
NZ552759A (en) * 2004-07-06 2008-11-28 Ntt Docomo Inc Message transfer system and message transfer method
US7343624B1 (en) 2004-07-13 2008-03-11 Sonicwall, Inc. Managing infectious messages as identified by an attachment
US9154511B1 (en) 2004-07-13 2015-10-06 Dell Software Inc. Time zero detection of infectious messages
US7509680B1 (en) 2004-09-01 2009-03-24 Symantec Corporation Detecting computer worms as they arrive at local computers through open network shares
US20060075144A1 (en) * 2004-09-24 2006-04-06 International Business Machines Corp. Remote access to a local hard drive
GB2418500A (en) * 2004-09-27 2006-03-29 Clearswift Ltd Detection, quarantine and modification of dangerous web pages
CN100349426C (en) * 2004-10-10 2007-11-14 中兴通讯股份有限公司 On-line monitoring and testing method for communication interface
US7565686B1 (en) 2004-11-08 2009-07-21 Symantec Corporation Preventing unauthorized loading of late binding code into a process
US8059551B2 (en) * 2005-02-15 2011-11-15 Raytheon Bbn Technologies Corp. Method for source-spoofed IP packet traceback
US20060253908A1 (en) * 2005-05-03 2006-11-09 Tzu-Jian Yang Stateful stack inspection anti-virus and anti-intrusion firewall system
US20060253597A1 (en) * 2005-05-05 2006-11-09 Mujica Technologies Inc. E-mail system
GB2427048A (en) 2005-06-09 2006-12-13 Avecho Group Ltd Detection of unwanted code or data in electronic mail
US7975303B1 (en) 2005-06-27 2011-07-05 Symantec Corporation Efficient file scanning using input-output hints
US7895654B1 (en) 2005-06-27 2011-02-22 Symantec Corporation Efficient file scanning using secure listing of file modification times
US8984636B2 (en) * 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
US8645683B1 (en) 2005-08-11 2014-02-04 Aaron T. Emigh Verified navigation
US7908329B2 (en) * 2005-08-16 2011-03-15 Microsoft Corporation Enhanced e-mail folder security
US7571483B1 (en) 2005-08-25 2009-08-04 Lockheed Martin Corporation System and method for reducing the vulnerability of a computer network to virus threats
JP4687382B2 (en) * 2005-10-25 2011-05-25 株式会社日立製作所 Virus check method in storage system
US8301767B1 (en) 2005-12-21 2012-10-30 Mcafee, Inc. System, method and computer program product for controlling network communications based on policy compliance
US7844829B2 (en) * 2006-01-18 2010-11-30 Sybase, Inc. Secured database system with built-in antivirus protection
US8418245B2 (en) * 2006-01-18 2013-04-09 Webroot Inc. Method and system for detecting obfuscatory pestware in a computer memory
US8601160B1 (en) 2006-02-09 2013-12-03 Mcafee, Inc. System, method and computer program product for gathering information relating to electronic content utilizing a DNS server
US8903763B2 (en) * 2006-02-21 2014-12-02 International Business Machines Corporation Method, system, and program product for transferring document attributes
US7730538B2 (en) * 2006-06-02 2010-06-01 Microsoft Corporation Combining virus checking and replication filtration
US8239915B1 (en) 2006-06-30 2012-08-07 Symantec Corporation Endpoint management using trust rating data
US20090019388A1 (en) * 2006-07-03 2009-01-15 Lifeng Zhang Anti-virus usage model at an exterior panel of a computer
EP3955180A1 (en) 2006-07-20 2022-02-16 BlackBerry Limited System and method for electronic file transmission
CN101141244B (en) * 2006-09-08 2010-05-26 飞塔公司 Network enciphered data virus detection and elimination system and proxy server and method
US8527592B2 (en) * 2006-10-31 2013-09-03 Watchguard Technologies, Inc. Reputation-based method and system for determining a likelihood that a message is undesired
GB0621656D0 (en) 2006-10-31 2006-12-06 Hewlett Packard Development Co Data file transformation
KR100862282B1 (en) * 2006-11-03 2008-10-13 주식회사 비즈모델라인 Devices for Scanning The Worm Virus Trace Spreaded in Networks and Program Recording Medium
US9729513B2 (en) 2007-11-08 2017-08-08 Glasswall (Ip) Limited Using multiple layers of policy management to manage risk
GB2444514A (en) 2006-12-04 2008-06-11 Glasswall Electronic file re-generation
US20080229416A1 (en) * 2007-01-09 2008-09-18 G. K. Webb Services Llc Computer Network Virus Protection System and Method
TW200830852A (en) * 2007-01-11 2008-07-16 Avision Inc Method for transferring fax data and multi-function printer using the same
US7895658B2 (en) * 2007-01-25 2011-02-22 Kabushiki Kaisha Toshiba Image forming apparatus and control method thereof
US8635691B2 (en) * 2007-03-02 2014-01-21 403 Labs, Llc Sensitive data scanner
US8850587B2 (en) * 2007-05-04 2014-09-30 Wipro Limited Network security scanner for enterprise protection
US8402529B1 (en) 2007-05-30 2013-03-19 M86 Security, Inc. Preventing propagation of malicious software during execution in a virtual machine
CN101163274B (en) * 2007-11-16 2011-12-14 中国联合网络通信集团有限公司 Device, method and mail system for supporting anti-virus of electronic mail
US8353041B2 (en) * 2008-05-16 2013-01-08 Symantec Corporation Secure application streaming
GB0822619D0 (en) 2008-12-11 2009-01-21 Scansafe Ltd Malware detection
US20100154062A1 (en) * 2008-12-16 2010-06-17 Elad Baram Virus Scanning Executed Within a Storage Device to Reduce Demand on Host Resources
US8065567B1 (en) * 2009-03-03 2011-11-22 Symantec Corporation Systems and methods for recording behavioral information of an unverified component
GB2470928A (en) * 2009-06-10 2010-12-15 F Secure Oyj False alarm identification for malware using clean scanning
JP4798278B2 (en) * 2009-09-17 2011-10-19 コニカミノルタビジネステクノロジーズ株式会社 Job processing system, image processing apparatus, program, and control method for image processing apparatus
US9009820B1 (en) 2010-03-08 2015-04-14 Raytheon Company System and method for malware detection using multiple techniques
US8863279B2 (en) * 2010-03-08 2014-10-14 Raytheon Company System and method for malware detection
RU2457533C1 (en) * 2011-02-10 2012-07-27 Государственное образовательное учреждение высшего профессионального образования Северо-Кавказский горно-металлургический институт (государственный технологический университет) (СКГМИ (ГТУ) Method for adaptive management of package of antivirus scanners and system for realising said method
US8756693B2 (en) 2011-04-05 2014-06-17 The United States Of America As Represented By The Secretary Of The Air Force Malware target recognition
US8584235B2 (en) * 2011-11-02 2013-11-12 Bitdefender IPR Management Ltd. Fuzzy whitelisting anti-malware systems and methods
CN102497425A (en) * 2011-12-12 2012-06-13 山东电力研究院 Malicious software detecting system based on transparent proxy and method thereof
RU2500070C1 (en) * 2012-03-20 2013-11-27 Федеральное государственное военное образовательное учреждение высшего профессионального образования "Военный авиационный инженерный университет" (г. Воронеж) Министерства обороны Российской Федерации System for safety risk assessment and management
CN102651744A (en) * 2012-05-04 2012-08-29 华为技术有限公司 E-mail security management method and E-mail server
CN103971053B (en) * 2013-01-30 2017-02-08 腾讯科技(深圳)有限公司 Trojan file transmission relation determining method and related device
DE102013203039A1 (en) 2013-02-25 2014-08-28 Robert Bosch Gmbh Tubular solid oxide cell
US9659058B2 (en) 2013-03-22 2017-05-23 X1 Discovery, Inc. Methods and systems for federation of results from search indexing
KR20140121142A (en) * 2013-04-05 2014-10-15 소프트캠프(주) Security method and system for Electronic documents
US9880983B2 (en) 2013-06-04 2018-01-30 X1 Discovery, Inc. Methods and systems for uniquely identifying digital content for eDiscovery
JP5606599B1 (en) * 2013-07-29 2014-10-15 デジタルア−ツ株式会社 Information processing apparatus, program, and information processing method
GB2518880A (en) 2013-10-04 2015-04-08 Glasswall Ip Ltd Anti-Malware mobile content data management apparatus and method
US10032027B2 (en) * 2014-07-29 2018-07-24 Digital Arts Inc. Information processing apparatus and program for executing an electronic data in an execution environment
US10346550B1 (en) 2014-08-28 2019-07-09 X1 Discovery, Inc. Methods and systems for searching and indexing virtual environments
US9330264B1 (en) 2014-11-26 2016-05-03 Glasswall (Ip) Limited Statistical analytic method for the determination of the risk posed by file based content
US10887261B2 (en) * 2015-07-30 2021-01-05 Microsoft Technology Licensing, Llc Dynamic attachment delivery in emails for advanced malicious content filtering
US10003558B2 (en) * 2015-09-30 2018-06-19 Bank Of America Corporation Electronic mail attachment hold and dispatch for security monitoring
US10032023B1 (en) * 2016-03-25 2018-07-24 Symantec Corporation Systems and methods for selectively applying malware signatures
CN108959917A (en) * 2017-05-25 2018-12-07 腾讯科技(深圳)有限公司 A kind of method, apparatus, equipment and the readable storage medium storing program for executing of Email detection
RU179369U1 (en) * 2017-08-21 2018-05-11 Федеральное государственное бюджетное образовательное учреждение высшего образования "Владивостокский государственный университет экономики и сервиса" (ВГУЭС) Adaptive Antivirus Scanner Package Management System
US11196754B1 (en) * 2019-06-25 2021-12-07 Ca, Inc. Systems and methods for protecting against malicious content
US11381586B2 (en) * 2019-11-20 2022-07-05 Verizon Patent And Licensing Inc. Systems and methods for detecting anomalous behavior
CN112995220A (en) * 2021-05-06 2021-06-18 广东电网有限责任公司佛山供电局 Security data security system for computer network
US12051255B1 (en) * 2021-05-07 2024-07-30 States Title, Llc Machine learning document classification

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5319776A (en) * 1990-04-19 1994-06-07 Hilgraeve Corporation In transit detection of computer virus with safeguard
US5274815A (en) * 1991-11-01 1993-12-28 Motorola, Inc. Dynamic instruction modifying controller and operation method
DK170490B1 (en) * 1992-04-28 1995-09-18 Multi Inform As Data Processing Plant
US5649095A (en) * 1992-03-30 1997-07-15 Cozza; Paul D. Method and apparatus for detecting computer viruses through the use of a scan information cache
US5440723A (en) * 1993-01-19 1995-08-08 International Business Machines Corporation Automatic immune system for computers and computer networks
US5414833A (en) * 1993-10-27 1995-05-09 International Business Machines Corporation Network security system and method using a parallel finite state machine adaptive active monitor and responder
GB2283341A (en) * 1993-10-29 1995-05-03 Sophos Plc Central virus checker for computer network.
US5623600A (en) * 1995-09-26 1997-04-22 Trend Micro, Incorporated Virus detection and removal apparatus for computer networks
US5889943A (en) * 1995-09-26 1999-03-30 Trend Micro Incorporated Apparatus and method for electronic mail virus detection and elimination

Also Published As

Publication number Publication date
CA2264816A1 (en) 1998-03-12
DE69722266D1 (en) 2003-06-26
ATE241169T1 (en) 2003-06-15
ZA977970B (en) 1998-03-23
WO1998010342A3 (en) 1998-05-14
EP1237065A2 (en) 2002-09-04
US5832208A (en) 1998-11-03
DE69722266T2 (en) 2004-04-08
EP1010059A4 (en) 2000-06-21
CA2264816C (en) 2005-11-15
EP1010059A2 (en) 2000-06-21
KR20010029480A (en) 2001-04-06
AU4253597A (en) 1998-03-26
AU735236B2 (en) 2001-07-05
ES2199372T3 (en) 2004-02-16
RU2221269C2 (en) 2004-01-10
KR100554903B1 (en) 2006-02-24
JP2001500295A (en) 2001-01-09
HK1047327A1 (en) 2003-02-14
HK1023826A1 (en) 2000-09-22
WO1998010342A2 (en) 1998-03-12
EP1237065A3 (en) 2006-03-15
BR9711990A (en) 1999-10-13
CN1236451A (en) 1999-11-24
EP1010059B1 (en) 2003-05-21

Similar Documents

Publication Publication Date Title
CN1160616C (en) Anti-virus agent for use with database and mail servers
CN1918865A (en) Method, system and computer program product for generating and processing a disposable email address
CN1885224A (en) Computer anti-virus protection system and method
CN100346610C (en) Security policy based network security management system and method
CN1206837C (en) Method and system of implementing IP data transmission on multi-service-unit according to defined strategy
CN1274107C (en) Encrypted data delivery system
CN1142489C (en) Information handling method and information handling apparatus, and memory medium for storing server control program
CN1624657A (en) Security-related programming interface
CN1729460A (en) Communication method, communication system, relay system, communication program, program for communication system, mail distribution system, mail distribution method, and mail distribution program
CN1276123A (en) Method and apparatus for structured geared to point to point communication
CN1574839A (en) Multi-layered firewall architecture
CN1574764A (en) Method for managing network filter based policies
CN1928861A (en) Immediate communication client machine for project share and method thereof
CN1720525A (en) Translation of electronically transmitted messages
CN1881903A (en) File edition management device and method and program
CN1764106A (en) System and method for preventing software and hardware with communication condition/function against embezzlement
CN1818823A (en) Computer protecting method based on programm behaviour analysis
CN1575466A (en) Realization of presence management
CN1787495A (en) Reliably transferring queued application messages
CN1711784A (en) System and method for sending SMS and text messages
CN1555170A (en) Flow filtering fine wall
CN101052946A (en) A system and method for controlling access to an electronic message recipient
CN1859332A (en) System, device and method for synchronously processing e-mail using data
CN1783792A (en) Dynamic content change notification
CN1794256A (en) Data processing device, telecommunication terminal equipment and method for processing data by data processing equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: GR

Ref document number: 1023826

Country of ref document: HK

C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee